Turning software supply chain security into a daily habit
In this Help Net Security video, Anastasia Tikhonova, Global Threat Research Lead at Group-IB, explains how to operationalize software supply chain risk. Ins...
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
198 articles found
In this Help Net Security video, Anastasia Tikhonova, Global Threat Research Lead at Group-IB, explains how to operationalize software supply chain risk. Ins...
GitHub continues to be a scintillating target for attackers because it sits in the middle of the software supply chain and gives threat actors three things t...
TeamPCP’s wide-scale supply-chain compromises have materially fueled VECT ransomware operations by supplying a vast archive of stolen CI/CD credentials, resh...
Software supply chain security was hard enough. Then AI joined the build pipeline.
Socket says the campaign remains active and more attacks are likely.
The PolinRider campaign has compromised more than 100 legitimate open source packages and repositories to deliver a backdoor and information stealer to devel...
The Federal Bureau of Investigation (FBI) has issued an urgent FLASH advisory warning that the cybercriminal group TeamPCP is weaponizing trojanized software...
Attackers can exploit LLM domain hallucinations through phantom squatting to target supply chains. Read the analysis to learn more.
Aikido Security has acquired Root, uniting behind a shared mission to make it easy for developers and agents to build with secure open source and tackle the ...
Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, potentially turning malicious repositories into supply chain attack...
For the latest discoveries in cyber research for the week of 29th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Polymarket...
The AI-agent ecosystem experienced its largest supply-chain compromise to date when ClawHavoc detonated across ClawHub, the official skill marketplace for Op...
Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that ...
A fresh supply-chain wave by the Shai-Hulud/Hades family that infected 20 npm packages in the Leo/RStreams ecosystem, an AWS-native event streaming SDK widel...
Analysis of ransomware incidents by researchers at Black Kite found that attacks have risen by over 50% in the last year, with supply chain attacks increasing
A supply chain attack targeting Klue, a competitive intelligence platform, has lead to the theft of Salesforce data from multiple entities, including several...
The new framework seeks to help security teams identify which software supply chain vulnerabilities pose the greatest operational, safety, and business risks...
Grafana Labs has confirmed that a recent supply chain attack involving the TanStack npm ecosystem resulted in the cloning of its internal GitHub repositories...
The security defects allow unauthenticated users to take control of the open source software supply chain. The post Exploitable CI/CD Vulnerabilities Expose ...
LastPass disclosed that attackers used OAuth tokens compromised in a supply chain attack on Klue, a market intelligence platform that integrates with CRM and...